GIAC
GCFA · Question #276
GCFA Question #276: Real Exam Question with Answer & Explanation
Sign in or unlock GCFA to reveal the answer and full explanation for question #276. The question stem and answer options stay visible for context.
Question
You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that an unauthorized user is accessing data on a database server on the network. Which of the following actions will you take to preserve the evidences? Each correct answer represents a complete solution. Choose three.
Options
- APrevent the company employees from entering the server room.
- BDetach the network cable from the database server.
- CPrevent a forensics experts team from entering the server room.
- DPreserve the log files for a forensics expert.
Unlock GCFA to see the answer
You've previewed enough free GCFA questions. Unlock GCFA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.